Reverse Engineering
Working backwards from the finished product to understand how it ticks.

Getting Started

(This only applies to version 2.0)

Vampyr is a 16-bit real-mode DOS executable written in Borland Turbo Pascal 5.5 (5.0? not quite sure). It utilizes the Dos, Crt, and Graph modules (along with some libraries of its own).

In VAMPYR.EXE, the first code segment starts at address 0x3F10. The data segment starts at address 0x27FD0 (this is set by Borland compiled code). The data segment is the last segment in the binary.

Use of an interactive disassembler is recommended, such as IDA (the free version is quite capable). IDA will not parse the DOS header and relocation table, so it is advised to remove all bytes up to 0x3F10 using a hex editor. Once the file is loaded in IDA, first create all the segments using the correct base: this aids the autoanalyzer, makes your life a lot easier, and cannot be corrected later on in the analysis. Also, switch the string literal type to Pascal 8-byte length-prefixed.

In order to debug effectively, compile (or find) DOSBox with the debugger enabled. Loading up VAMPYR.EXE in DOSBox v0.74-2, the program's MCB is typically placed at segment 0x192 (pause DOSBox and run DOS MCBS). The code is then loaded 16 segments away, at segment 0x1A2. This causes the data segment to be relocated to 0x299F. Given CS=0x1A2 and DS=0x299F, we can now start entering meaningful breakpoints in the DOSBox debugger.

BOAT.DAT

500 bytes in size. Each byte is a value between 0x0 and 0x4.

SIGN.DAT

Length: 6480 bytes
Record length: 144 bytes
Number of records: 45

Format:

 type
   { string70 inferred from the 144-byte record: 1 + 1 + 71 + 71 }
   string70 = string[70];
   SignData = record
     x : byte;
     y : byte;
     line1 : string70;
     line2 : string70;
   end;

Each sign shows 2 lines of text. The (x, y) coordinates apply to the map in which the sign is loaded (the file doesn't specify which map). Like most external strings, these also contain garbage full of Turbo Pascal code.

Other *.DAT

See Monster File Format

*.CON, *.PIC, and *.00*

See Image Files.
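
The SIGN.DAT record layout described above, as an added example that is not part of the original page: a Python parser that reads only the length-prefixed part of each string, so the garbage in the unused bytes is ignored. It assumes string70 is Turbo Pascal's string[70] (71 bytes on disk, which matches the 144-byte record); the function names and the sample records are constructed for illustration.

```python
import struct

RECORD_LEN = 144   # from the page: 6480 bytes / 45 records
STR_MAX = 70       # assumption: string70 = string[70] (1 length byte + 70 chars)
LAYOUT = f"<BB{STR_MAX + 1}s{STR_MAX + 1}s"   # x, y, line1, line2

def pascal_string(field: bytes) -> str:
    """Decode a Turbo Pascal short string: byte 0 is the length, the rest is filler."""
    length = min(field[0], len(field) - 1)    # clamp a corrupt length byte
    return field[1:1 + length].decode("cp437")

def parse_signs(blob: bytes):
    """Return a list of (x, y, line1, line2) tuples from SIGN.DAT contents."""
    if len(blob) % RECORD_LEN:
        raise ValueError(f"size {len(blob)} is not a multiple of {RECORD_LEN}")
    signs = []
    for off in range(0, len(blob), RECORD_LEN):
        x, y, raw1, raw2 = struct.unpack_from(LAYOUT, blob, off)
        signs.append((x, y, pascal_string(raw1), pascal_string(raw2)))
    return signs

def make_record(x, y, line1, line2, filler=b"\xCC"):
    """Build a constructed test record whose unused string bytes hold junk."""
    def field(text):
        data = text.encode("cp437")
        return bytes([len(data)]) + data + filler * (STR_MAX - len(data))
    return bytes([x, y]) + field(line1) + field(line2)

# Constructed sample data (not taken from the game files).
SAMPLE = (make_record(12, 34, "WELCOME TO TOWN", "")
          + make_record(5, 6, "BEWARE", "OF THE DOG"))

if __name__ == "__main__":
    for sign in parse_signs(SAMPLE):
        print(sign)
```
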
ENCONTER.SET

Size: 43806 bytes
Record length: 147 bytes
Number of Records: 298
Format: see NPC Dialog File Format

It's cute that the garbage data in this file includes the following warning:

DO NOT TRY TO CRACK THIS GAME. CRACKING THIS GAME COULD BLOW UP YOUR COMPUTER.

By "crack" I assume they mean reverse engineer, considering this was distributed as shareware without copy protection. Anyway, ¯\_(ツ)_/¯

PLAYER.SAV

See Save File Format

Character Creation

The algorithm that determines stat rolls is detailed in Stats#Character Creation. Here are some extra tidbits related to the easter egg Races:

* Brian and Victor get a flat +10 to each stat, added during the initial rolling (so their stats start between 13 and 23)
* Victor has a stat adjustment, similar to Elf or Corintir:
** +2 to dexterity
** +1 to luck
** -1 to mental strength
** -2 to physical strength

Judgement

Judgement is random, but completing certain in-game functions will increase your likelihood of resurrection.

Each completed mission changes your base level of survival. (Note that if the game thinks you've beaten later missions then it won't check for earlier missions):

* 10% if you've completed the first mission
* 25% if you've completed the second mission
* 40% for the third mission
* 50% for the fourth mission
* 70% for the fifth mission

The following stat bonus will DETRACT!

* +((constitution-10) + floor((constitution-10) / 2))% if constitution is >10
** constitution of 11 = 1 + floor(.5) = 1%
** constitution of 12 = 2 + floor(1) = 3%
** constitution of 13 = 3 + floor(1.5) = 4%
** constitution of 14 = 4 + floor(2) = 6%
** ...
** constitution of 20 = 10 + floor(5) = 15%
* same for charisma
* same for luck
* also some random data bitshifted left by 3?

On top of that, there are some miscellaneous gameplay progress points that DETRACT:

* +3% if got the blue rose
* +6% if learned Rust Armor
* +10% if you met Dalagash

Map IDs

Each map has a unique internal identifier. The current map is stored in ds:805h. There's also a related variable in ds:804h?

* 0x0 - overworld
* 0x1 - Balinar
* 0x2 - Rendyr
* 0x3 - Maninox
* 0x4 - Zachul
* 0x5 - Trocines
* 0x6 - Myron
* 0x9 - castle
* 0xA - Heaven?
* 0xB - A dungeon
* 0xD - Vampyr's Castle